Wechat Automation Api

微信发信能力：控制本机发送微信文本或图片。触发词：给[某人]发微信、通知[某人]、把这个用微信发给[某人]、用微信发个图片

What to consider before installing or running this skill: - If you only want the Skill behavior described in SKILL.md, only invoke the CLI entrypoint: `python scripts/skill_cli.py --to "联系人" --content "文本"`. That call uses WeChatController and operates locally (UI automation + clipboard). Avoid running scripts/app.py, run.bat, or monitor.py unless you explicitly want the HTTP API and background monitoring. - The repository contains an HTTP server (scripts/app.py) which expects a config.json token and can spawn a persistent monitor process that will send POSTs to an external WPush service (https://api.wpush.cn). Do not run the HTTP service unless you understand and control the config.json token and the network exposure. - Image sending (sendpic) will download arbitrary URLs and cache them in the system temp directory. If you accept sendpic actions, be aware the process will make outbound HTTP requests and write files to the temp cache. - The package requires native Windows automation libraries (uiautomation, pywin32, pyautogui). Install dependencies in a virtual environment, not system-wide, and preferably in an isolated/test machine before trusting it on a production machine or your primary account. - There are example tokens and a sample token in README_部署完成.md — treat those as examples. If you run the HTTP service, change the token in config.json to a strong secret and keep config.json secure. - If you are risk-averse: run the CLI in a disposable VM or sandboxed Windows environment, or remove/rename scripts/app.py and scripts/monitor.py before installation to prevent accidental background service startup. - Operational risks: automating WeChat UI can cause account actions (rate-limiting or detection by the platform). Ensure you have permission to automate the account and consider throttling and human oversight. Summary recommendation: The CLI skill itself is coherent and usable for the stated purpose, but the repository contains additional persistent/networked components (HTTP API + monitor) that are not required by SKILL.md — treat those as optional features and do not enable them unless you explicitly intend to run a local service and accept outbound network behavior.

Type: OpenClaw Skill Name: wechat-automation-api Version: 1.0.11 This skill bundle provides WeChat automation via high-risk UI control libraries (uiautomation, pyautogui) and a local Flask-based API in scripts/app.py. While these capabilities are aligned with the stated purpose, SKILL.md contains instructions for the AI agent to 'execute brainlessly' and bypass its own visual analysis, which significantly increases the risk of prompt-injection attacks. Additionally, the tool downloads files from arbitrary URLs in scripts/wechat_controller.py and integrates with an external notification service (api.wpush.cn) in scripts/monitor.py, creating a broad attack surface without clear evidence of intentional malice.